You can mask any control statement or parameter that specifies a UID with the asterisk or the dash wherever it appears in a rule set. The actual UID value is also automatically treated as a mask. For example, the UID parameter value of TFINPAYNLT matches not only UIDs of TFINPAYNLT but also any UID that begins with TFINPAYNLT and contains no more than 24 characters. When you mask the UID in a control statement or parameter, the rule entry can apply to multiple users. For example, if you specify the mask ABC*EF for the $UIDOWNER control statement as in the chart below, CA ACF2 Option for DB2 considers all users whose UIDs match this mask as the owners of the resource. In this case, ABCDEF, ABC1EF, ABCQEF, and ABC$EF own the resource. You can omit ending characters to form a more general UID mask. For example, by omitting NLT from TFINPAYNLT, you form a mask (TFINPAY) that represents all users in the payroll department.
The following examples show how you can mask a UID:
|
If you specified this for the UID parameter: |
These UIDs would match: |
|---|---|
|
ABC*EF |
ABCDEF ABC1EF ABCQEF ABC$EF This UID would not match: ABCEF |
|
ABCDEF- Or ABCDEF* or ABCDEF |
ABCDEF ABCDEFGHIJKLMNOPQRSTUVWX ABCDEF2345 ABCDEFG ABCDEFGQ ABCDEF$ |
|
ABC-DEF |
ABC-DEF |
|
- or * |
Matches all UIDs |
For more detailed information about standard CA ACF2 masking conventions, see the CA ACF2 Security for z/OS Administrator Guide.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|